21ab4e
From 2893a79a95dc3abae4b69ccbb6a54772f5f63938 Mon Sep 17 00:00:00 2001
21ab4e
From: Mohammed Rafi KC <rkavunga@redhat.com>
21ab4e
Date: Mon, 3 Jul 2017 16:37:01 +0530
21ab4e
Subject: [PATCH 556/557] uss/svc: fix double free on xdata dictionary
21ab4e
21ab4e
We were taking an unref on the wrong dictionary, which results
in an invalid memory access.
21ab4e
21ab4e
Back port of>
21ab4e
>Change-Id: Ic25a6c209ecd72c9056dfcb79fabcfc650dd3c1e
21ab4e
>BUG: 1467513
21ab4e
>Signed-off-by: Mohammed Rafi KC <rkavunga@redhat.com>
21ab4e
>Reviewed-on: https://review.gluster.org/17691
21ab4e
>CentOS-regression: Gluster Build System <jenkins@build.gluster.org>
21ab4e
>Smoke: Gluster Build System <jenkins@build.gluster.org>
21ab4e
>Reviewed-by: Atin Mukherjee <amukherj@redhat.com>
21ab4e
21ab4e
Change-Id: Ic25a6c209ecd72c9056dfcb79fabcfc650dd3c1e
21ab4e
BUG: 1191480
21ab4e
Signed-off-by: Mohammed Rafi KC <rkavunga@redhat.com>
21ab4e
Reviewed-on: https://code.engineering.redhat.com/gerrit/111808
21ab4e
Reviewed-by: Atin Mukherjee <amukherj@redhat.com>
21ab4e
---
21ab4e
 .../features/snapview-client/src/snapview-client.c | 25 ++++++++++++++++------
21ab4e
 .../features/snapview-client/src/snapview-client.h |  3 ++-
21ab4e
 2 files changed, 20 insertions(+), 8 deletions(-)
21ab4e
21ab4e
diff --git a/xlators/features/snapview-client/src/snapview-client.c b/xlators/features/snapview-client/src/snapview-client.c
21ab4e
index efc3362..cd63bea 100644
21ab4e
--- a/xlators/features/snapview-client/src/snapview-client.c
21ab4e
+++ b/xlators/features/snapview-client/src/snapview-client.c
21ab4e
@@ -1662,14 +1662,12 @@ gf_svc_readdirp_lookup_cbk (call_frame_t *frame, void *cookie, xlator_t *this,
21ab4e
 
21ab4e
         local = frame->local;
21ab4e
 
21ab4e
-        if (local->xdata != NULL)
21ab4e
-                dict_unref (xdata);
21ab4e
-
21ab4e
         if (op_ret) {
21ab4e
                 if (op_errno == ESTALE && !local->revalidate) {
21ab4e
                         local->revalidate = 1;
21ab4e
                         ret = gf_svc_special_dir_revalidate_lookup (frame,
21ab4e
-                                                                    this);
21ab4e
+                                                                    this,
21ab4e
+                                                                    xdata);
21ab4e
 
21ab4e
                         if (!ret)
21ab4e
                                 return 0;
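Review bot: With the unref removed from this callback, nothing visible here releases the reference held in `local->xdata` on the paths that do not revalidate. It has to be dropped wherever `local` is torn down, which is outside the hunk and worth confirming, since a missed release would trade the double free for a leak. When `gf_svc_special_dir_revalidate_lookup` returns non-zero, the callback falls through after `local->xdata` has already been swapped to this lookup reply's `xdata`, so any later code that reads `local->xdata` would presumably see the lookup dictionary rather than the one saved earlier. A comment at the call such as `/* callee takes its own ref on xdata and replaces local->xdata */` would record the ownership rule. The body of `gf_svc_readdirp_lookup_cbk` starts and ends outside the hunk.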
21ab4e
@@ -1724,7 +1722,8 @@ out:
21ab4e
 }
21ab4e
 
21ab4e
 int
21ab4e
-gf_svc_special_dir_revalidate_lookup (call_frame_t *frame, xlator_t *this)
21ab4e
+gf_svc_special_dir_revalidate_lookup (call_frame_t *frame, xlator_t *this,
21ab4e
+                                      dict_t *xdata)
21ab4e
 {
21ab4e
         svc_private_t *private    = NULL;
21ab4e
         svc_local_t   *local      = NULL;
21ab4e
@@ -1741,6 +1740,15 @@ gf_svc_special_dir_revalidate_lookup (call_frame_t *frame, xlator_t *this)
21ab4e
         local = frame->local;
21ab4e
         loc = &local->loc;
21ab4e
 
21ab4e
+        if (local->xdata) {
21ab4e
+                dict_unref (local->xdata);
21ab4e
+                local->xdata = NULL;
21ab4e
+        }
21ab4e
+
21ab4e
+        if (xdata)
21ab4e
+                local->xdata = dict_ref (xdata);
21ab4e
+
21ab4e
+
21ab4e
         inode_unref (loc->inode);
21ab4e
         loc->inode = inode_new (loc->parent->table);
21ab4e
         if (!loc->inode) {
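Review bot: The added block releases `local->xdata` before taking the reference on `xdata`, so if a caller ever passes the dictionary already stored in `local->xdata`, the unref can drop the last reference and the following `dict_ref` then touches freed memory. Taking the new reference first removes that ordering hazard: `old = local->xdata; local->xdata = xdata ? dict_ref (xdata) : NULL; if (old) dict_unref (old);`. The same release-then-ref sequence is added in `gf_svc_readdir_on_special_dir` (the hunk at -1879), so a small static helper would keep the two sites consistent. The swap also runs before the `inode_new` failure check, so a failed revalidate still leaves `local->xdata` replaced. The function body continues outside the hunk.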
21ab4e
@@ -1879,10 +1887,13 @@ gf_svc_readdir_on_special_dir (call_frame_t *frame, void *cookie,
21ab4e
                 }
21ab4e
 
21ab4e
                 local->cookie = cookie;
21ab4e
-                if (xdata == NULL)
21ab4e
+                if (local->xdata) {
21ab4e
+                        dict_unref (local->xdata);
21ab4e
                         local->xdata = NULL;
21ab4e
-                else
21ab4e
+                }
21ab4e
+                if (xdata)
21ab4e
                         local->xdata = dict_ref (xdata);
21ab4e
+
21ab4e
                 STACK_WIND (frame, gf_svc_readdirp_lookup_cbk,
21ab4e
                             SECOND_CHILD (this),
21ab4e
                             SECOND_CHILD (this)->fops->lookup, loc, tmp_xdata);
21ab4e
diff --git a/xlators/features/snapview-client/src/snapview-client.h b/xlators/features/snapview-client/src/snapview-client.h
21ab4e
index e1fcb37..169974a 100644
21ab4e
--- a/xlators/features/snapview-client/src/snapview-client.h
21ab4e
+++ b/xlators/features/snapview-client/src/snapview-client.h
21ab4e
@@ -96,6 +96,7 @@ typedef enum {
21ab4e
 } inode_type_t;
21ab4e
 
21ab4e
 int
21ab4e
-gf_svc_special_dir_revalidate_lookup (call_frame_t *frame, xlator_t *this);
21ab4e
+gf_svc_special_dir_revalidate_lookup (call_frame_t *frame, xlator_t *this,
21ab4e
+                                      dict_t *xdata);
21ab4e
 
21ab4e
 #endif /* __SNAP_VIEW_CLIENT_H__ */
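Review bot: The prototype gains a `dict_t *xdata` parameter with no statement of who owns the reference, which is the kind of ambiguity behind the double free this commit fixes. A short comment above the declaration, for example `/* xdata may be NULL; the callee takes its own reference and stores it in local->xdata, releasing any previous one */`, would make the contract visible to callers.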
21ab4e
-- 
21ab4e
1.8.3.1
21ab4e